2023.09.17 10:39:23 (Mastodon 111080057329502333, Twitter 1703357880789840000) from Daniel J. Bernstein:
Fact check: Lattice KEMs and signatures do _not_ have the security proofs claimed by @sweis (@sweis@infosec.exchange) in https://web.archive.org/web/20230917101907/https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/ ("if you could solve this average case [crypto problem] then you could solve this, worst case [SVP] which is known to be NP-hard").